HJThis
Posted December 30, 2006

Hi, Andy

Did you happen to be using the McAfee® Anti-Phishing Filter? Do you think it may be part of the problem?

And please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Gogo

tarantino
Posted December 30, 2006

Server not found

can u post another mirror for combo fix? thnx

HJThis
Posted December 30, 2006

Hi, Andy

Nope, it's the only one I know of. Try again later. For now let's have a look at this here.

Download and save Blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml

Double-click blbeta.exe then accept the agreement. Click > scan then > next.
You'll see a list of all items found - if found, so don't worry if it tells that there were no files found.
In case hidden files were found, don't choose for rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Post the contents of the log in your next reply.

Gogo

tarantino
Posted December 30, 2006

12/30/06 13:50:59 [info]: BlackLight Engine 1.0.55 initialized
12/30/06 13:50:59 [info]: OS: 5.1 build 2600 (Service Pack 2)
12/30/06 13:50:59 [Note]: 7019 4
12/30/06 13:50:59 [Note]: 7005 0
12/30/06 13:51:01 [Note]: 7006 0
12/30/06 13:51:01 [Note]: 7011 1748
12/30/06 13:51:02 [Note]: 7026 0
12/30/06 13:51:02 [Note]: 7026 0
12/30/06 13:51:06 [Note]: FSRAW library version 1.7.1021
12/30/06 14:37:08 [Note]: 7007 0

nothing found tho

HJThis
Posted December 31, 2006

Hi, Andy

Please try the ComboFix link now, it's working now.

Gogo

tarantino
Posted December 31, 2006

Here ----

Ai_Tak
Posted December 31, 2006

It may seem too obvious, but has anyone considered that something may have changed Internet Explorer's user agent string?

tarantino
Posted December 31, 2006

i don't know man, but if u say so.. what should i do? if u read above, i already said that web-sites recognize my ie as Netscape.

tarantino
Posted December 31, 2006 (edited)

bump*

EDIT: OMFG OMFG I DID IT!! (SRRY FOR OVER EXCITEMENT! ROFL!!) thnx ai tak, i went into registry and changed parameters and values and i did !! YES D*mn IT!! THNX!

SOLUTION!

1) First of all you have to check your browser's user string (someone messed up mine [prbly spyware]) by entering

javascript:alert(navigator.userAgent)

this script into your web browser address bar.

And this table i copied from Microsoft's web site just to let you understand what these parameters mean

MSIE 7.0      Internet Explorer 7
MSIE 7.0b     Internet Explorer 7 (Beta 1 pre-release only)
MSIE 6.0      Internet Explorer 6
MSIE 6.0b     Internet Explorer 6 (pre-release)
MSIE 5.5      Internet Explorer 5.5
MSIE 5.01     Internet Explorer 5.01
MSIE 5.0      Internet Explorer 5
MSIE 5.0b1    Internet Explorer 5 (pre-release)
MSIE 4.01     Internet Explorer 4.01

Platform tokens describe your operating system; the following table lists Internet Explorer platform tokens for the last several versions of Windows.

Platform token             Description
Windows NT 6.0             Windows Vista
Windows NT 5.2             Windows Server 2003; Windows XP x64 Edition
Windows NT 5.1             Windows XP
Windows NT 5.01            Windows 2000, Service Pack 1 (SP1)
Windows NT 5.0             Windows 2000
Windows NT 4.0             Microsoft Windows NT 4.0
Windows 98; Win 9x 4.90    Windows Millennium Edition (Windows Me)
Windows 98                 Windows 98
Windows 95                 Windows 95
Windows CE                 Windows CE

Token          Description
.NET CLR       .NET Framework common language runtime, followed by the version number
SV1            Internet Explorer 6 with enhanced security features. (Windows XP SP2 and Windows Server 2003 only)
Tablet PC      Tablet services are installed; number indicates the version number
Win64; IA64    System has a 64-bit processor (Intel)
Win64; x64     System has a 64-bit processor (AMD)
WOW64          A 32-bit version of Internet Explorer is running on a 64-bit processor.

Here's final step

User-Agent Registry Keys

When you install certain Windows components, such as the Microsoft .NET Framework or Windows XP SP2, tokens are added to the user-agent string. This is done by adding tokens to the following registry keys.

HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)
  SOFTWARE
    Microsoft
      Windows
        CurrentVersion
          Internet Settings
            User Agent
              Pre Platform
                Token=Value
              Post Platform
                Token=Value

The Pre-Platform and Post-Platform keys contain values whose names appear before and after the Platform token respectively. For example, if a string value is added to the Post-platform key, the name appears after platform token in the user-agent string. Multiple tokens added to either key appear in an unpredictable order.

You can also override certain tokens of the user-agent string by adding values to the following registry key

HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)
  SOFTWARE
    Microsoft
      Windows
        CurrentVersion
          Internet Settings
            5.0
              User Agent
                (default)= "Mozilla/4.0"
                Compatible= "compatible"
                Platform= "Windows NT 5.1"
                Version= "MSIE 6.0"
                Pre Platform
                  Token=Value
                Post Platform
                  Token=Value

There you go, thnx everybody for your help and effort. I guess sometimes user has to figure out some things on his own, but with little help of others.

Edited December 31, 2006 by Andy{Leet_krew}

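Added example, not part of the original post or of Microsoft's documentation: a JavaScript check that takes the string shown by the alert in step 1, compares its tokens with the tables quoted above, and reports which values under the User Agent registry key to look at. The function name, the sample strings, and treating "Mozilla/4.0" and "compatible" (the values shown in the post's override key) as the expected ones are assumptions.

```javascript
// Added example. Token lists are copied from the tables quoted in the post above.
const VERSIONS = ["MSIE 7.0", "MSIE 7.0b", "MSIE 6.0", "MSIE 6.0b", "MSIE 5.5",
                  "MSIE 5.01", "MSIE 5.0", "MSIE 5.0b1", "MSIE 4.01"];
const PLATFORMS = ["Windows NT 6.0", "Windows NT 5.2", "Windows NT 5.1", "Windows NT 5.01",
                   "Windows NT 5.0", "Windows NT 4.0", "Windows 98", "Windows 95", "Windows CE"];
// Extra tokens from the third table; matched by prefix because some carry a version number.
// "Win 9x 4.90" is the second half of the Windows Me platform token.
const KNOWN_EXTRAS = [".NET CLR", "SV1", "Tablet PC", "Win64", "IA64", "x64", "WOW64", "Win 9x 4.90"];

// Hypothetical helper: returns the registry values to inspect and any unrecognised tokens.
function auditUserAgent(ua) {
  const m = /^(\S+)\s*\(([^)]*)\)/.exec(ua);
  if (!m) return { inspect: ["(default)", "Compatible", "Version", "Platform"], unknownTokens: [] };
  const tokens = m[2].split(";").map(t => t.trim()).filter(Boolean);
  const inspect = [];        // values under "User Agent" that look overridden
  const unknownTokens = [];  // candidates for entries under Pre Platform / Post Platform

  if (m[1] !== "Mozilla/4.0") inspect.push("(default)");
  if (!tokens.includes("compatible")) inspect.push("Compatible");
  if (!tokens.some(t => VERSIONS.includes(t))) inspect.push("Version");
  if (!tokens.some(t => PLATFORMS.includes(t))) inspect.push("Platform");

  for (const t of tokens) {
    const recognised = t === "compatible" || VERSIONS.includes(t) || PLATFORMS.includes(t) ||
      KNOWN_EXTRAS.some(k => t === k || t.startsWith(k + " "));
    if (!recognised) unknownTokens.push(t);
  }
  return { inspect, unknownTokens };
}

// Constructed sample strings (not taken from the thread).
const CLEAN = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)";
const ALTERED = "Mozilla/5.0 (Windows NT 5.1; ExampleToolbar 1.0)";

console.log(auditUserAgent(CLEAN));
console.log(auditUserAgent(ALTERED));
```

An empty `inspect` list with no unknown tokens means the string matches what the tables describe; anything listed points at the registry value or Pre/Post Platform entry to review.
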
HJThis
Posted December 31, 2006

Hi, Andy

Man, I would love to help you but I'm lost on this one. But I think McAfee has something to do with it, don't know why, I just do.

By the way, what is this here?

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\A6A01490917B8D50.job

Gogo

tarantino
Posted December 31, 2006

thank you HJT for your help and effort. (check post above u again)

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\A6A01490917B8D50.job

that's tune-up utilities 2006 cleaning my pc from junk

HJThis
Posted December 31, 2006

Hey, Andy

Yes, great work. You know, I just copy and paste this in my files. And a 1000 thanks for posting this info for all to have.

Take care and a safe New Year's to you and family.

Gogo

tarantino
Posted December 31, 2006 (edited)

Thanks man, u2.

(solved!) huh... PUT IT IN RESOLVED FORUM!

Edited January 4, 2007 by Andy{Leet_krew}